Healthcare Organizations Unprepared for Data Breaches
Healthcare Organizations Unprepared for Data Breaches

The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, on behalf of ID Experts, shows the continued targeting of healthcare organizations, due in large part to the high value of healthcare data. While cyberattacks increasingly target healthcare organizations, the flip side is that insider negligence continues to open up opportunities for both cyber attacks and data loss from more traditional methods.

Repeat Data Breaches are on the Rise

In the past 2 years, 90% of healthcare organizations represented in the study had a data breach, with 45% of those having more than 5 breaches in the same time period. The number of healthcare organizations suffering repeat data breaches is on the rise. Estimates suggest that healthcare data breaches cost the industry $6.2 billion, up from the estimated $6 billion in the previous year. As noted on the Ponemon blog:

“Healthcare organizations and their business associates are a community of organizations that share vulnerable patient data—a community that provides a larger attack surface, and many points of access, for criminals who are becoming more adept at acquiring and exploiting personal information.”

Key takeaways from the study:

  • The average cost of a data breach for covered entities is now more than $2.2 million per organization (up from $2 million last year)
  • The average cost of a data breach for business associates is more than $1 million
  • Criminal attacks in healthcare continue to rise, now as the leading cause of data breaches in healthcare, causing 50% of data breaches
  • Top cyber threats facing healthcare organizations are ransomware, malware and denial-of-service (DOS) attacks
  • Internal threats account for the other half of data breaches — unintentional employee actions, third-party snafus, and stolen computing devices
  • More than half of healthcare organizations admit they’re not vigilant in ensuring partners and third parties protect patient information.
  • Most healthcare organizations and business associates have not invested in technologies to mitigate a data breach

Don’t Leave the Door Open to Hackers

Although cyber attacks are often credited as the “cause” of a data breach, in reality, they are only the final broken link in a chain of weaknesses that were exploited. Unpatched systems and devices, lost or stolen devices, phishing & malware, insecure passwords, use of public WiFi, unsanctioned cloud use, poor data access and use controls (and so much more) continue to open the doors for cyber criminals to pursue their final attack. With insider threats currently accounting for half of data breaches, it’s likely that, if you dug further, an even greater percentage of cyber attacks would trace back to insiders.

Right now, half of all healthcare organizations have little or no confidence they can even detect the theft or loss of data, let alone prevent it. With the continued shift to electronic health information, and the growing attack surface introduced by the cloud, mobile use and even the Internet of Things, we’re going to continue to see healthcare organizations suffer data breaches at this magnitude.

Streamline Your Data Protection

At Absolute, it’s our goal to streamline the protection of healthcare data, no matter where it lives. Absolute DDS for Healthcare provides valuable insight into all of your endpoints and the data they contain, so you can have accurate information on your fleet of devices, as well as the information they contain, with alerts for events and activities that could be precursors to a security incident.

With Absolute DDS, you can help shine a light on dark data on the endpoint, helping you address the ever-prevalent insider threat, prevent or respond to data breaches, and prove compliance if needed. Absolute DDS for Healthcare is a comprehensive on boarding program which pairs our highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com

ABOUT THE AUTHOR

Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.